-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Feb 2024 20:15:47 +0000
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc imagemagick-common imagemagick-doc libimage-magick-perl libmagick++-6-headers libmagick++-dev libmagickcore-6-headers libmagickcore-dev libmagickwand-6-headers libmagickwand-dev perlmagick
Architecture: all
Version: 8:6.9.11.60+dfsg-1.6+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - header files
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 1013282 1036999
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u1) bookworm-security; urgency=high
 .
   * Acknowledge NMU
   * Fix CVE-2021-3610 heap buffer overflow vulnerability in TIFF coder
   * Fix a heap buffer overflow in TIFF coder
   * Fix uninitialised value passing in TIFFGetField
   * Fix stack overflow in TIFF coder
   * Early exit in case of malformed TIFF file
   * Fix buffer overrun in TIFF coder
   * Fix uninitialised value in TIFF coder
   * Fix CVE-2022-1115: Heap based overflow in
     TIFF coder (Closes: #1013282)
   * Fix uninitialised value in TIFF coders
   * Use salsa-ci
   * Fix CVE-2023-1289: A specially created SVG file loads itself and
     causes a segmentation fault. This flaw allows a remote attacker
     to pass a specially crafted SVG file that leads to a segmentation
     fault, generating many trash files in "/tmp", resulting in
     a denial of service. When ImageMagick crashes,
     it generates a lot of trash files. These trash files
     can be large if the SVG file contains many render actions.
     In a denial of service attack, if a remote attacker uploads an SVG file
     of size t, ImageMagick generates files of size 103*t.
     If an attacker uploads a 100M SVG, the server will generate about 10G.
   * Fix CVE-2023-1906: A heap-based buffer overflow issue was
     discovered in ImageMagick's ImportMultiSpectralQuantum() function
     in MagickCore/quantum-import.c. An attacker could pass a specially
     crafted file to convert, triggering an out-of-bounds read error,
     allowing an application to crash, resulting in a denial of service.
   * Fix CVE-2023-34151: ImageMagick was vulnerable due to
     undefined behavior of casting double to size_t in svg, mvg
     and other coders. (Closes: #1036999)
   * Fix CVE-2023-3428: A heap-based buffer overflow vulnerability
     was found in coders/tiff.c in ImageMagick. This issue
     may allow a local attacker to trick the user into opening
     a specially crafted file, resulting in an application crash
     and denial of service.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found in
     coders/bmp.c
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----